Make mixed content checking and CSP aware of RemoteFrames

Source/core/frame/csp/CSPDirectiveList.cpp

Index: Source/core/frame/csp/CSPDirectiveList.cpp
diff --git a/Source/core/frame/csp/CSPDirectiveList.cpp b/Source/core/frame/csp/CSPDirectiveList.cpp
index a9e8f99bde697f8a000eb907c7c568f00be61ad9..4ea6b5046615a3ee61c4d4b570ab1ac00f98ff84 100644
--- a/Source/core/frame/csp/CSPDirectiveList.cpp
+++ b/Source/core/frame/csp/CSPDirectiveList.cpp
@@ -92,8 +92,9 @@ bool CSPDirectiveList::checkAncestors(SourceListDirective* directive, LocalFrame
     if (!frame || !directive)
         return true;
 
-    for (LocalFrame* current = frame->tree().parent(); current; current = current->tree().parent()) {
-        if (!directive->allows(current->document()->url()))
+    for (Frame* current = frame->tree().parent(); current; current = current->tree().parent()) {
+        // FIXME: To make this work for out-of-process iframes, we need to propagate URL information of ancestor frames across processes.
+        if (!current->isLocalFrame() || !directive->allows(toLocalFrame(current)->document()->url()))

[Mike West, 2014/05/29 09:47:41]

This will block loading any page that sets a frame-ancestor directive if it's
somewhere nested in a chain that includes a RemoteFrame. Do we create those
today, or will those only pop up in an OOP world?

[kenrb, 2014/05/29 13:38:41]

RemoteFrames will only be used behind a flag until we are ready to launch this
feature.

             return false;
     }
     return true;